Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RHEV-M VDC 信任管理问题漏洞
Vulnerability Description
RHEV-M VDC 2.2.0版本中存在安全漏洞,该漏洞源于在使用客户端Red Hat Enterprise Virtualization Manager接口连接Red Hat Enterprise Virtualization Manager时,程序没有验证SSL凭证。攻击者可利用该漏洞实施中间人攻击或伪造可信的服务器。
CVSS Information
N/A
Vulnerability Type
N/A